Configuration Specific to Windows 2000/2003 IAS
Each user who will be authenticating with your IAS server must have remote access permission. The remote access permission can be defined via the Active Directory Users and Computer snap-in. View the properties for the appropriate user. On the tab Dial-in, grant the Allow Access to Remote Access permission.
You can also configure this permission through the remote access policy. Please consult your Windows documentation for the proper steps.
The policy must allow for authentication via PAP, as this is the only RADIUS method currently supported by BeyondTrust. Review your IAS policy and ensure that this method is supported as a means of authenticating via your Secure Remote Access Appliance.